On the Per-Computer Settings page, you create settings profiles that specify how often to install software on workstations and servers. You can also define settings to prevent tampering and unauthorized uninstallation of the software.
Settings vary for WatchGuard Advanced EPDR, EPDR, EDR, EDR Core, and EPP. Throughout this documentation, WatchGuard Endpoint Security refers generally to all products. If you do not have a setting in the Endpoint Security management UI, it is not supported by your product.
To configure a per-computer settings profile:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings.
- From the left pane, select Per-Computer Settings.
- Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the page, click Add to create a new profile.
The Add Settings or Edit Settings page opens.
- In the Name text box, type a name for the settings profile.
- (Optional) In the Description text box, type a brief description of the settings profile.
- Configure these settings, as required:
- Click Save.
The new settings profile displays in the list.
- Select the profile and assign recipients, if required.
For more information, go to Assign a Settings Profile.
You can choose to show the WatchGuard icon in the system tray of computers where WatchGuard Endpoint Security is installed.
To show the WatchGuard icon in the system tray:
- Select Preferences.
- Enable the Show icon in the system tray toggle.
Configure the time and frequency of updates of the Endpoint Security software.
Update options are not configurable for Android devices. For more information, go to Configure Android Device Settings.
In the General settings of a workstations and servers settings profile, you can also configure automatic knowledge updates. For more information, go to Configure Automatic Knowledge (Signature File) Updates.
To configure updates to the endpoint security software:
- Select Updates.
- To automatically update the software on computers, enable the toggle.
Updates occur as soon as they are available unless you specify a day and time.
- Specify the time when the software can update:
- To apply updates to the software on managed computers during a specified time period, specify the Start Time and End Time.
- To allow updates to the software on managed computers at any time, select the Anytime check box.
- To specify the days on which to apply software updates, select an option from the Apply Updates Only on the Following Days list:
- Any Day — Applies updates when they are available, on any day of the week or month.
- Days of the Week — Select the days of the week to apply updates. You must select at least one day. When an update is available, it runs on the first day of the week that matches the selection.
- Days of the Month — In the Start Day and End Day boxes, select the days of the month between which to apply updates. When an update is available, it runs on the first day of the month that matches the selection.
- On the Following Days — In the From and To calendars, select the dates between which to apply updates. This update does not repeat.
From the If a Restart Is Necessary to Complete the Update Process list, select an option:
- Do Not Restart Automatically — A restart dialog box on the target computer prompts the user to restart the computer. The dialog box continues to open until the computer restarts.
- Automatically Restart Workstations Only — Computers automatically restart after the update completes. Servers do not restart automatically.
- Automatically Restart Servers Only — Servers automatically restart after the update completes. Computers do not restart automatically.
- Automatically Restart Workstations and Servers — Computers and servers automatically restart after the update completes.
Configure security against tampering to ensure that only authorized users can disable or uninstall WatchGuard Endpoint Security.
We recommend that you configure a password if you enable any of these options:
Require a password to uninstall the protection locally from the protected computer
If you enable this option, users must enter the configured password to uninstall WatchGuard Endpoint Security or the WatchGuard Endpoint Agent from any computer that has these settings applied. This prevents unauthorized uninstallations.
Allow the protections to be temporarily enabled or disabled from the protected computer
If you enable this option, users must enter the configured password to get access to the administrator panel on the protected computer. In the WatchGuard Endpoint Security window, users can temporarily enable and disable WatchGuard Endpoint Security. After the specified time period, the changes revert to the settings specified in the profile applied to the computer.
Enable anti-tamper protection
Anti-tamper protection ensures that only authorized users can disable or uninstall WatchGuard Endpoint Security. If you enable this option, the configured password is required to disable anti-tamper protection locally from the protected computer.
To configure security against tampering:
- Select Security Against Unauthorized Protection Tampering.
- To require the user on the client computer to enter a password to uninstall WatchGuard Endpoint Security, enable the Request Password to Uninstall the Protection from Computers toggle.
- To allow administrators to temporarily manage computer security settings from the endpoint software on the computer, enable the Allow the Protections to Be Temporarily Enabled/Disabled from the Computer's Local Console toggle.
- To prevent users and malware from disabling the protection, enable the Enable Anti-Tamper Protection toggle.
- If you enabled any of the toggles, enter the password the user must enter on the client computer in the Password Required to Perform Advanced Management Tasks Locally from your Computers text box.
If a computer loses its license because it is manually removed or because it expires or is canceled, the Anti-Tamper Protection and password-based uninstallation protection are disabled.
Shadow Copies is a technology included in Windows that can create a snapshot of computer files, even when they are in use. From WatchGuard Endpoint Security, you can remotely interact with the Windows Shadow Copies service on the computers on the network. This feature is available for endpoints that run Windows Vista or Windows 2003 Server, and higher.
When enabled in WatchGuard Endpoint Security, Windows creates a shadow copy every 24 hours. WatchGuard Endpoint Security retains up to 7 copies at a given time. You cannot delete a shadow copy created by the software (WatchGuard Advanced EPDR, EPDR, EDR, and EPP). To restore a backup, you must use the Windows Shadow Copies app on your computer.
To enable shadow copies for endpoints in WatchGuard Endpoint Security:
- Select Shadow Copies.
- Enable the Activate Windows Shadow Copies to Create a Backup of your Computer's Files Every Day toggle.
Windows creates shadow copies of your computer files. WatchGuard Endpoint Security retains up to 7 copies of a file.
- In the Maximum Space for Shadow Copies text box, enter a value between 5% and 20%.
By default, the value is set to 10%. We recommend a value between 5% and 20%. Shadow Copies makes sure that the set volume is not exceeded. This value has priority over other space settings established by the network administrator.
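To confirm on an endpoint that the shadow copy settings took effect, you can compare the local state with the values described above. The following PowerShell is an added example, not WatchGuard code: it reads the standard Windows CIM classes Win32_Volume, Win32_ShadowCopy, and Win32_ShadowStorage, takes its thresholds from this page, and assumes an elevated session. Other software can also create shadow copies, so the copy count it reports is not limited to copies created by WatchGuard Endpoint Security.

```powershell
# Added example: compare local shadow copy state with the values on this page.
# Run from an elevated PowerShell session on the Windows endpoint.
$MaxAgeHours = 24   # page: a shadow copy is created every 24 hours
$LimitMinPct = 5    # page: lower bound for Maximum Space for Shadow Copies
$LimitMaxPct = 20   # page: upper bound for Maximum Space for Shadow Copies

$volumes = Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3 AND DriveLetter IS NOT NULL'
$copies  = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$storage = @(Get-CimInstance -ClassName Win32_ShadowStorage)

foreach ($vol in $volumes) {
    # Win32_ShadowCopy.VolumeName uses the same \\?\Volume{GUID}\ form as Win32_Volume.DeviceID.
    $volCopies = @($copies | Where-Object { $_.VolumeName -eq $vol.DeviceID } |
                   Sort-Object -Property InstallDate -Descending)
    $store = $storage | Where-Object { $_.Volume.DeviceID -eq $vol.DeviceID } |
             Select-Object -First 1

    $findings = @()
    $ageHours = $null
    if ($volCopies.Count -eq 0) {
        $findings += 'no shadow copy present'
    } else {
        $ageHours = [math]::Round(((Get-Date) - $volCopies[0].InstallDate).TotalHours, 1)
        if ($ageHours -gt $MaxAgeHours) { $findings += "newest copy is $ageHours h old" }
    }

    # MaxSpace is in bytes; the UInt64 maximum means no limit is set for the volume.
    # The percentage is computed against the capacity of the protected volume.
    $cfgPct = $null
    if (-not $store) {
        $findings += 'no shadow storage configured'
    } elseif ($store.MaxSpace -eq [uint64]::MaxValue) {
        $findings += 'shadow storage is unbounded'
    } elseif ($vol.Capacity -gt 0) {
        $cfgPct = [math]::Round(100.0 * $store.MaxSpace / $vol.Capacity, 1)
        if ($cfgPct -lt $LimitMinPct -or $cfgPct -gt $LimitMaxPct) {
            $findings += "max space $cfgPct% is outside $LimitMinPct-$LimitMaxPct%"
        }
    }

    [pscustomobject]@{
        Volume      = $vol.DriveLetter
        Copies      = $volCopies.Count
        NewestAgeH  = $ageHours
        MaxSpacePct = $cfgPct
        Findings    = if ($findings) { $findings -join '; ' } else { 'ok' }
    }
}
```

A volume that reports no shadow copy on an endpoint where the toggle is enabled, or a copy count that drops unexpectedly between checks, is worth investigating.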